Industroyer Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Lang: en (15), fr (1)

Country: ch (12), ru (2), lu (1)

Actors: Industroyer (4), NSO Group (1)


Vulnerabilities

#  | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Remediation | CTI | CVE
1  | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2010-0359
2  | Vesta Control Panel/myVesta UploadHandler.php unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28379
3  | Directadmin Controlpanel CMD_SELECT_USERS cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | -
4  | PHPUnit HTTP POST eval-stdin.php code injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | CVE-2017-9841
5  | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.56 | CVE-2020-1927
6  | Laravel save.php Error sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2018-6330
7  | RouterOS Upgrade Package code download | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-3977
8  | vBulletin redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2018-15493
9  | Apple iOS IOSurface memory corruption | 8.3 | 7.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2017-13861
10 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Not Defined | 0.00 | -
11 | Htmlpurifier HTML Purifier Error Message information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2011-3744
12 | phpMyAdmin 7pk security | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2016-6626
13 | phpMyAdmin ArbitraryServerRegexp Reuse 7pk security | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-6629
14 | GNU wget FTP path traversal | 5.1 | 4.9 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2014-4877
15 | SolarWinds Dameware Remote Mini Controller dwmrcs Daemon dwrcs.exe memory corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2016-2345

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
1  | 5.39.218.152 | - | - | High
2  | 46.28.200.132 | hosted-by.solarcom.ch | - | High
3  | 93.115.27.57 | - | - | High
4  | XXX.XX.XXX.XX | xx-xxxxxx-xxx-xx-xxx-xx.xxxxxx.xx | - | High
5  | XXX.XX.XX.X | xxxxxxxxxxx.xxxxxxxxxxx.xxx | - | High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1  | T1059.007 | CWE-80 | Cross Site Scripting | High
2  | T1211 | CWE-254 | 7PK Security Features | High
3  | T1495 | CWE-494 | Download of Code Without Integrity Check | High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1  | File | /cgi-bin/supervisor/PwdGrp.cgi | High
2  | File | /CMD_SELECT_USERS | High
3  | File | dwrcs.exe | Medium
4  | File | xxxx.xxx | Medium
5  | File | xxxx/xxx/xxxx-xxxxx.xxx | High
6  | File | xxx/xxxxxx/xxxxxxxxxxxxx.xxx | High
7  | Argument | xxx_xxxx/xxx_xxxxxxx | High
8  | Argument | xxxxxxxx | Medium
9  | Input Value | xxx_xxx_xxxx_xxxx'"><xxxxxx>xxxxx(/xxxxx.xx/)</xxxxxx> | High

References (1)

The following list contains external sources which discuss the actor and the associated activities: